Redirection, which is required by many applications and services, inherently brings in a security risk. Redirects are dangerous because unsuspecting users who are visiting trusted sites can be redirected to malicious sites that exploit the users' trust. A new featured, called allowed list, has been added that restricts target URLs to specific domains.
You can restrict target URLs to URLs which match the domains in the allowed list.
Any target URLs that use a domain that is not in the list are blocked and the user receives the following error message:
The request to provide authentication to a service provider has failed (outsidedomain.com-89F57BF823DFE551).
On the Home page, click Applications > Select a Cluster > [application name] > SAML v2.0 Service Provider > Intersite Transfer.
In Domain List, click Plus icon.
Specify the domain name.
The domain name must be a full domain name, such as www.example.com. Wildcard domain names, such as www.example.*.com, do not work.
To edit an existing domain name, click the name, modify the name, and click OK.
To delete an existing domain name, select the domain, and click Delete.
Click OK.
Update Identity Server.